Pruefung auf ungueltige Where-Parameter

Peter Hormanns 2011-10-03 08:29:30 +00:00
parent 19845dacad
commit b14a49b786


@ -203,9 +203,10 @@ public class CLIClientConnectorServlet extends HttpServlet {
* *
* @return queryString a query string that can be used to select the * @return queryString a query string that can be used to select the
* required Objects * required Objects
* @throws ServletException
*/ */
private String buildQuery(Class<?> eType, Map<String, String> where, private String buildQuery(Class<?> eType, Map<String, String> where,
ArrayList<String> oids) { ArrayList<String> oids) throws ServletException {
String rval = ""; String rval = "";
boolean first = true; boolean first = true;
@ -217,6 +218,8 @@ public class CLIClientConnectorServlet extends HttpServlet {
rval += (first ? "" : " and ") rval += (first ? "" : " and ")
+ "(obj." + AbstractEntity.escapeString(kname) + " = '" + AbstractEntity.escapeString(where.get(k)) + "')"; + "(obj." + AbstractEntity.escapeString(kname) + " = '" + AbstractEntity.escapeString(where.get(k)) + "')";
first = false; first = false;
} else {
throw new ServletException("illegal input\nunknown field: " + k);
} }
} }
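Review bot: The new `throw new ServletException("illegal input\nunknown field: " + k);` branch in the second hunk echoes the caller-supplied key `k` verbatim into the exception message, and the embedded newline makes that message multi-line; if the message reaches the CLI client or a log line it is reflected, attacker-controlled text, so consider reporting the rejected key only after bounding it (e.g. truncating to a short length and stripping control characters) or reporting just that an unknown field was supplied. The bare `@throws ServletException` tag added in the first hunk should state the condition, e.g. `@throws ServletException if {@code where} contains a key that is not a known field of {@code eType}` (the predicate sits on the `if` above the second hunk, so this wording is inferred from the message). The query is still assembled by string concatenation guarded only by `AbstractEntity.escapeString`, so this field allow-list is a welcome addition but not a substitute for bound query parameters. The enclosing `buildQuery` loop begins before the second hunk and the method continues past it.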